HIPAA and Network Security

13 09 2007

A friend of mine, who used to work for a company that’s contracted to the state of Wisconsin for its Medicare/Medicaid program, worked more specifically with HIPAA. I asked him this:

I’ve got a question for you… do you have, or know where I might find, information about HIPAA in regards to network security? For instance, companies’ legal responsibilities for keeping electronic data secure?

His response:

That’s a hell of a loaded question. HIPAA actually has very few specifics about what is required for network security, but instead is written vaguely enough that everyone is keeping on their toes. It was enacted back in ’96 so anything they wrote into it is already 11 years old. It’s far from being as simple as “and every entity must have a XXXX type firewall system”… It’s really more like “everyone must do what is necessary to keep the information secure”.

Overall, it affects any covered entity that works with health data: hospitals, other health care providers, health/pharmaceutical insurance companies, state health programs (i.e. Medicaid) etc. All of these need to have a privacy/security plan in place. Also, a LOT of the network security aspect of this is paperwork. When one of the above entities has someone else working for them (like EDS for WI Medicaid), they need to have a business associate agreement or agent subcontractor agreement in place. This forces the subcontractor to follow the rules of the covered entity. And there’s a trickle-down effect as well: when the subcontractor has another subcontractor working for them (like when UGS worked for EDS) there’s another agent subcontractor agreement in place between them. Also, for things like web portals or other remote systems, there are user agreements in place for each user to protect against the dissemination of the data to persons not needing to see it. And user accounts should always follow the “minimum necessary” rule which says that any user should only have access to exactly what they need to accomplish the job and nothing more.

So a security administrator for a company that handles medical records needs to be aware of the nebulous regulations set up by the federal and state governments. Not only do they need to design a security system that will keep information secure, but they need to keep the “minimum necessary” rule in mind, too. It’s a tightrope to walk in ever-changing conditions.

He also provided these links:

Wikipedia has a good article (see the “security rule” section):

The official government site:

Another good government site (more security heavy):

And a good Wisconsin based org that pretty much sets the industry standard for this sort of thing in the state, HIPAA Cow:

4 Features iTunes Should Have By Now

11 09 2007

I use iTunes as my music player, and it suits my needs well enough. It’s by far not my ideal music player, but I like it more than any other options I’ve tried.

Except one.

Amarok is much better than iTunes. I like it a lot more, and I wish so much that I could use it all the time. The only problem is that Amarok is currently only available for Linux. It’s a great application, and is often cited as one of the biggest reasons to switch to Linux.

Amarok has a few very awesome features that, quite frankly, I’m surprised haven’t been implemented by now in iTunes.

In no particular order:

Built-in lyric display. Amarok has a tab on the side of the window called “Context”. One of the features on this tab is to display the lyrics of the current song. Shouldn’t this feature be a staple of every media player? Instead of going through Google to find the lyrics for a song, you can just open the Context tab and voila!
Built-in display of artist’s Wikipedia article. Also located in the Context tab, this handy little feature lets you read up on the currently playing artist. It also supports hyperlinks so you can click links to the band’s specific albums, songs, related artists, etc. and after a few songs wonder how you ended up on the article for Lesbianism in Erotica.
Automatic scoring of tracks. I’m pretty sure it’s called “Score”, but I’m not entirely sure – I haven’t used Amarok in a while. (I know!) In addition to having ratings that you manually input, Amarok keeps score of the tracks that are played. If I remember correctly, it bases the score (out of 100) on how many times the track has been played compared to the Most Played Track. If the song plays all the way through, it counts more than if you’d skipped it in the middle of playback. This is totally automatic, and gives you one more dimension for creating dynamic playlists.
More precise ratings system. Amarok allows you to rate songs with half stars. So instead of just choosing between 0, 1, 2, 3, 4, and 5 as in iTunes, Amarok allows you to give a song 0, 0.5, 1, 1.5, etc. stars for a more precise appraisal of your music.

These four features would be at least as useful as the Album Ratings Apple put into the 7.4 version of iTunes recently. Don’t get me wrong; Album Ratings is cool – except for the fact that you apparently can’t remove an album rating completely – but these four features give you much more control over your music, and give you a richer experience.

Almost there….

27 08 2007

This school term is almost over. Thank the heavens.

This term has been the hardest so far. The two classes I’ve had, Speech and Linux Administration, were each incredibly demanding. I really wish I’d had these classes separately, especially the Linux class. I’ve really enjoyed it so far, but being paired up with Speech, I wasn’t able to devote as much time and attention to it as I would have liked. I’ve learned a lot of cool things you can do in Linux, and I feel a LOT more comfortable using it.

For my final project, I’ve set up a blog and chat server. Aside from a few anomalous roadblocks, the installations went very smoothly. It wouldn’t be much at all to set up a chat or blog server for our company, I don’t think. It certainly wouldn’t cost a ton of money, especially if you use existing hardware.

I used WordPress for the blogging, and 123flashchat for the IM.

WordPress took a little bit of configuration, but even so, it was very simple and straightforward. There’s very good documentation on the WordPress site, and via Google.

123flashchat was even easier. I just downloaded the server media, unzipped it, and that was it. There was no configuration at all. I was having trouble with it for a while – I couldn’t access the chat interface from a client computer. I tried tweaking IP addresses, subnets, and gateways, but nothing I tried worked. Then I finally realized that the firewall on the server was still on. chkconfig iptables off and service iptables stop did the trick.

Now I just have to show my teacher that the blog and chat servers work, and that will be that. From what I’ve learned doing this, I might see if I can set up a chat server for use here at work, so we don’t have to go through GTalk or other 3rd party services.

This marks the end of my third semester at Herzing. I’m 1/3 of the way through the Bachelor Degree. Next semester I only have two classes, one per term. Which means no online class. Next semester shouldn’t be nearly so hellish.

Share your iTunes library between multiple computers

13 07 2007

For quite a long time, I was trying to manage two iTunes music libraries; one at work and one at home. I listen to music probably 7 out of 8 hours a day at work, but fairly rarely at home. But when I did listen at home, I didn’t have the same playlists I had at work, since many of them are dynamic, based on play counts and ratings.

I found a remedy a month or so ago, and now I can listen to the same library at work and at home. It works wonderfully.

This guide has moved.